How best get rid of SELinux?
Arthur Pemberton
pemboa at gmail.com
Fri Sep 21 15:36:55 UTC 2007
On 9/21/07, Mike McCarty <Mike.McCarty at sbcglobal.net> wrote:
> Tim wrote:
> > On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote:
> >
> >>It's too bad that Red Hat has jumped on the SELinux bandwagon
> >>so wholeheartedly. That is, it is for those of us who don't like
> >>it, but want to use Red Hat products or projects.
> >
> >
> > One of the (almost) unsung benefits of it is to do with created
> > software.
> >
> > If the programmers use a system with SELinux, they're forced into
> > writing their software better. And we end up with software which
>
> They are forced into writing it SELinux aware. That is not
> part of my definition of "better".
You could give google a try to see how much others agree. As in,
others who've found and fixed bugs in their apps due to SELinux.
> > On the other hand, without any SELinux, trying to make your system
> > secure, when you're using programs that the software authors had
> > free-range to do any old crap in the first place, is much more
> > difficult.
>
> I don't like to load and run crap. Do you?
> That's one reason I don't have SELinux enabled on the machines
> I administer. Not all of them are FC2, BTW.
Because calling a piece of software crap because you don't like it is
the mark of good administration.
> Note that SELinux does not attempt to make a machine more
> secure, except in a very general sense. It attempts to mitigate
> damage on a machine WHICH IS ALREADY COMPROMISED.
>
> It does little AFAICT to prevent compromise.
Further proving that you are not properly informed about it. Please,
do a little research into the matter.
--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )
More information about the fedora-list
mailing list